Re: Load balancing between frame-relay and DSL/VPN

From: Murtaza Bhaiji (mbhaiji@yahoo.com)
Date: Sun Mar 13 2005 - 05:14:30 GMT-3


Hi There,

Instead of doing all of the following, you can add another
router to your DSL link. Configure HSRP on the
Ethernet interfaces. Use the Virtual IP on the PCs on
the LAN as the DG.

Configure your IPSEC Tunnel over the HSRP. This is
known as High Availability IPSEC VPN.

Read the following links to get config ideas:

http://www.cisco.com/en/US/products/sw/iosswrel/ps5012/products_feature_guide09186a00800ed370.html

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00800942f7.shtml

regards,
MB

--- cciex4 <cciex4@yahoo.com> wrote:
> Hi all,
>
> I have one network scenario that needs your expert
> inputs. It is a hub-and-spoke setup. The spoke side
> has one WAN/Internet router that has one frame-relay
> and one Ethernet interface (connected to a DSL
> router), which connect to two different routers on
> the hub side (one for frame relay and the other for
> DSL).
>
> Also, VPN is to be configured on the DSL connection
> between the spoke and hub routers. The IGP is EIGRP.
>
> Topology below:
>
> SpokeRouter-FR-------WAN-------FR-HubFRRouter-----|
> |
> LAN
> ETH--DSL--------Internet-----DSL--ETH-HubVPNRouter-|
>
> The requirements for the spoke side are (1) to do load
> balancing between the frame and VPN/DSL, (2) support
> dynamic failover between frame & DSL, (3) direct
> part of the traffic to DSL and others to frame, and
> (4) all internet bound traffic needs to be
> backhauled to the hub.
>
> For req #1, I'm thinking of creating a GRE/IPSEC
> tunnel on the DSL, then use EIGRP for dynamic load
> balancing. For req #2 & #3, NBAR (ie MOD CLI) and
> PBR traffic on the incoming LAN interface. In order
> to allow dynamic failover, use "set ip next-hop
> verify-availability" on the PBR route-map. For req
> #4, set a default route to a loopback interface on
> the hub router.
>
> What are the issues that you see? One of the issues
> that I can see is that packets sent from spoke to
> HubVPNRouter need to return to the same router (ie
> not from the HubFRRouter) otherwise the IPSec
> session will break? Am I right?
>
> Thank you very much!




This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:45 GMT-3
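
The design suggested in the reply above (two routers running HSRP, with the IPsec tunnel terminated on the HSRP virtual address) could look like this on the active router. This is an added example, not configuration from the thread or from the linked Cisco documents; the interface names, addresses (documentation and private ranges), group and map names, and the key placeholder are all assumptions.

```cisco
! Constructed example: active router of an HSRP pair, IPsec bound to the HSRP virtual IP.
! The remote peer (assumed 198.51.100.10) points its "set peer" at 192.0.2.1, never at
! a physical address. This is stateless failover: SAs are renegotiated after a switchover.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PRESHARED-KEY> address 198.51.100.10
! Keepalives let each side detect a dead peer and rebuild the tunnel after failover
crypto isakmp keepalive 10
!
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha-hmac
!
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 198.51.100.10
 set transform-set TS-AES
 match address 101
!
! Outside interface: HSRP group 1 is named so the crypto map can follow it.
! Tracking the inside interface gives up the active role if the LAN side fails.
interface FastEthernet0/0
 ip address 192.0.2.2 255.255.255.0
 standby 1 ip 192.0.2.1
 standby 1 priority 110
 standby 1 preempt
 standby 1 name VPN-HA
 standby 1 track FastEthernet0/1
 crypto map VPN-MAP redundancy VPN-HA
!
! Inside interface: 10.1.1.1 is the virtual IP the LAN PCs use as default gateway.
! Tracking the outside interface keeps both HSRP groups active on the same router.
interface FastEthernet0/1
 ip address 10.1.1.2 255.255.255.0
 standby 2 ip 10.1.1.1
 standby 2 priority 110
 standby 2 preempt
 standby 2 track FastEthernet0/0
!
! Traffic to protect: local LAN to the remote site's networks (assumed 10.2.0.0/16)
access-list 101 permit ip 10.1.1.0 0.0.0.255 10.2.0.0 0.0.255.255
```

The standby router carries the same crypto and HSRP configuration with its own physical addresses and a lower priority (for example, the default of 100).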